vulns/openexr/OSV-2021-1627.yaml

id: OSV-2021-1627
summary: Heap-buffer-overflow in Imf_3_1::LineCompositeTask::execute
details: |
  OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41416

  ```
  Crash type: Heap-buffer-overflow WRITE 2
  Crash state:
  Imf_3_1::LineCompositeTask::execute
  IlmThread_3_1::NullThreadPoolProvider::addTask
  IlmThread_3_1::ThreadPool::addGlobalTask
  ```
modified: '2022-04-13T03:21:28.115569Z'
published: '2021-11-27T00:00:35.244395Z'
references:
- type: REPORT
  url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41416
affected:
- package:
    name: openexr
    ecosystem: OSS-Fuzz
  ranges:
  - type: GIT
    repo: https://github.com/AcademySoftwareFoundation/openexr
    events:
    - introduced: 8f45d8fa44bc2420a365b2818d97ed91fb0dc689
    - fixed: db217f29dfb24f6b4b5100c24ac5e7490e1c57d0
    - fixed: 2a9380544b13e401eb7687c4085a9bb24188b1b3
  versions:
  - v3.1.0
  - v3.1.0-rc1
  - v3.1.1
  - v3.1.1-rc
  - v3.1.2
  - v3.1.2-rc
  - v3.1.2-rc2
  - v3.1.3
  - v3.1.3-rc
  ecosystem_specific:
    severity: HIGH